CVE-2022-3034

Опубликовано: 31 авг. 2022

Источник: redhat

CVSS3: 6.1

Описание

When receiving an HTML email that specified to load an iframe element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of sending a request to the remote document when receiving an HTML email that specified to load an iframe element from a remote location. However, Thunderbird didn't display the document.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	thunderbird	Out of support scope
Red Hat Enterprise Linux 7	thunderbird	Fixed	RHSA-2022:6710	26.09.2022
Red Hat Enterprise Linux 8	thunderbird	Fixed	RHSA-2022:6708	26.09.2022
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions	thunderbird	Fixed	RHSA-2022:6716	26.09.2022
Red Hat Enterprise Linux 8.2 Extended Update Support	thunderbird	Fixed	RHSA-2022:6715	26.09.2022
Red Hat Enterprise Linux 8.4 Extended Update Support	thunderbird	Fixed	RHSA-2022:6713	26.09.2022
Red Hat Enterprise Linux 9	thunderbird	Fixed	RHSA-2022:6717	26.09.2022

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-449

https://bugzilla.redhat.com/show_bug.cgi?id=2123257Mozilla: An iframe element in an HTML email could trigger a network request

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2022-3034

CVSS3: 4.3

ubuntu

больше 2 лет назад

When receiving an HTML email that specified to load an <code>iframe</code> element from a remote location, a request to the remote document was sent. However, Thunderbird didn't display the document. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1.